<?php 	// if the form has been submitted
	if (isset($_POST['url'])) {


		// allow urls that begin with these strings
		$allowed_protocols = array('http:', 'https:', 'mailto:');

		require_once 'includes/look-url.class.php'; // <- lilURL class file

		$lilurl = new lookURL();


		$msg = '<p class="error">Creation of your lil&#180; URL failed for some reason.</p>';
		$response['error'] = 'true';
		$response['msg'] = $msg;


		// escape bad characters from the user's url
		$longurl = trim(mysql_escape_string($_POST['url']));

		// set the protocol to not ok by default
		$protocol_ok = false;

		// if there's a list of allowed protocols,
		// check to make sure that the user's url uses one of them
		if (count($allowed_protocols)) {
			foreach ($allowed_protocols as $ap) {
				if (strtolower(substr($longurl, 0, strlen($ap))) == strtolower($ap)) {
					$protocol_ok = true;
					break;
				}
			}
		} else // if there's no protocol list, screw all that
		{
			$protocol_ok = true;
		}

		// add the url to the database
		if ($protocol_ok && $lilurl->add_url($longurl)) {
			$url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . $lilurl->get_id($longurl);
			$response['short_url'] = $url;
			$response['error'] = 'false';
			$response['msg'] = 'Done... You may now use: <u>'.$url.'</u> to redirect to <u>'.$longurl.'</u>.';
		} elseif (!$protocol_ok) {
			$msg = '<p class="error">Invalid protocol!</p>';

			$response['error'] = 'true';
			$response['msg'] = $msg;
		} else {
			$msg = '<p class="error">Creation of your lil&#180; URL failed for some reason.</p>';
			$response['error'] = 'true';
			$response['msg'] = $msg;
		}

		echo json_encode($response);
	} ?>